#! /bin/sh
# Copyright (c) 2001-2002 SuSE GmbH Nuernberg, Germany.
#
# Author: Michal Ludvig <feedback@suse.de>, 2004
#
# /etc/init.d/ipsec-tools
#   and its symbolic link
# /usr/sbin/rcipsec-tools
#
# System startup script for the IPsec key management daemon
#
### BEGIN INIT INFO
# Provides:       racoon
# Required-Start: $remote_fs $named $syslog
# Required-Stop:  $remote_fs $named $syslog
# Default-Start:  3 5
# Default-Stop:   0 1 2 6
# Description:    IPsec key management daemon
### END INIT INFO

SETKEY="IPsec policies"
SETKEY_BIN=/usr/sbin/setkey
SETKEY_CONF=/etc/racoon/setkey.conf

RACOON="IPsec IKE daemon (racoon)"
RACOON_BIN=/usr/sbin/racoon
RACOON_CONF=/etc/racoon/racoon.conf
RACOON_PIDFILE=/var/run/racoon.pid

test -x $SETKEY_BIN || exit 5
test -x $RACOON_BIN || exit 5

test -f /etc/sysconfig/racoon && . /etc/sysconfig/racoon

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     ditto but be verbose in local rc status
#      rc_status -v -r  ditto and clear the local rc status
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num><num>
#      rc_reset         clear local rc status (overall remains)
#      rc_exit          exit appropriate to overall rc status
. /etc/rc.status

# First reset status of this service
rc_reset

# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.

case "$1" in
    start)
	# Setting up SPD policies is not required.
	if [ -f $SETKEY_CONF ]; then
		echo -n "Setting up $SETKEY"
		$SETKEY_BIN $SETKEY_OPTIONS -f $SETKEY_CONF
		rc_status -v
		rc_reset
	fi
	
	echo -n "Starting $RACOON "
	## If there is no conf file, skip starting of ddtd
	## and return with "program not configured"
	if ! [ -f $RACOON_CONF ]; then
		echo -e -n "... no configuration file found"
		rc_status -s
		# service is not configured
		rc_failed 6
		rc_exit
	fi

	# startproc should return 0, even if service is 
	# already running to match LSB spec.
	startproc $RACOON_BIN $RACOON_OPTIONS -f $RACOON_CONF
	rc_status -v
	;;

    stop)
	echo -n "Shutting down $RACOON"
	## Stop daemon with killproc(8) and if this fails
	## set echo the echo return value.

	killproc -p $RACOON_PIDFILE -TERM $RACOON_BIN

	# Remember status and be verbose
	rc_status -v
	rc_reset

	# Flush SPD policies if required
	if [ -n "$SETKEY_FLUSH_OPTIONS" ]; then
		echo -n "Flushing $SETKEY"
		$SETKEY_BIN $SETKEY_FLUSH_OPTIONS
		rc_status -v
	fi
	;;
    try-restart)
	## Stop the service and if this succeeds (i.e. the 
	## service was running before), start it again.
	$0 stop  &&  $0 start

	# Remember status and be quiet
	rc_status
	;;
    restart)
	## Stop the service and regardless of whether it was
	## running or not, start it again.
	$0 stop
	$0 start

	# Remember status and be quiet
	rc_status
	;;
    force-reload)
	## Signal the daemon to reload its config. Most daemons
	## do this on signal 1 (SIGHUP).
	## If it does not support it, restart.

	echo -n "Reload service $RACOON"
	killproc -p $RACOON_PIDFILE -HUP $RACOON_BIN
	rc_status -v
	;;
    reload)
	## Like force-reload, but if daemon does not support
	## signalling, do nothing (!)

	echo -n "Reload service $RACOON"
	killproc -p $RACOON_PIDFILE -HUP $RACOON_BIN
	rc_status -v
	;;
    status)
	echo -n "Checking for $RACOON: "
	## Check status with checkproc(8), if process is running
	## checkproc will return with exit status 0.

	# Status has a slightly different for the status command:
	# 0 - service running
	# 1 - service dead, but /var/run/  pid  file exists
	# 2 - service dead, but /var/lock/ lock file exists
	# 3 - service not running

	checkproc -p $RACOON_PIDFILE $RACOON_BIN
	rc_status -v
	;;
    probe)
	## Optional: Probe for the necessity of a reload,
	## give out the argument which is required for a reload.

	test "$RACOON_CONF" -nt "$RACOON_PIDFILE" && echo reload
	;;
    *)
	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
	exit 1
	;;
esac
rc_exit
